SHA256: 098c5a6d4c9e0926c054fc7ca79f67e6de7bf8f41245ed1063fea48575bb377d
File name: DECRYPTED
Detection ratio: 43 / 53
Analysis date: 2015-10-24 16:40:50 UTC ( 6 months, 1 week ago )
Antivirus Result Update
AVG PSW.Generic11.CLGF 20151025
AVware Trojan.Win32.Nyu.rc (v) 20151025
AhnLab-V3 Backdoor/Win32.Agent 20151025
Antiy-AVL Trojan[Backdoor]/Win32.Agent 20151025
Arcabit Trojan.PWS.Fareit.AJ 20151025
Avast Multi:Wirenet-B [Trj] 20151025
Avira (no cloud) TR/Spy.Gen 20151025
Baidu-International Backdoor.Win32.NetWiredRC.i 20151025
BitDefender Trojan.PWS.Fareit.AJ 20151025
Bkav W32.KaniatI.Trojan 20151025
ByteHero Trojan.Malware.KillAV.Gen.001 20151025
CAT-QuickHeal Backdoor.NetWiredRC.B4 20151024
Comodo UnclassifiedMalware 20151025
Cyren W32/A-c353a963!Eldorado 20151025
DrWeb BackDoor.Wirenet.4 20151025
ESET-NOD32 Win32/Spy.Agent.NYU 20151025
Emsisoft Trojan.PWS.Fareit.AJ (B) 20151025
F-Prot W32/A-c353a963!Eldorado 20151025
F-Secure Trojan.PWS.Fareit.AJ 20151023
Fortinet W32/Agent.NYU!tr 20151025
GData Trojan.PWS.Fareit.AJ 20151025
Ikarus Backdoor.Win32.NetWiredRC 20151025
Jiangmin Backdoor/Agent.dssr 20151024
K7AntiVirus Spyware ( 0037fb2d1 ) 20151025
K7GW Spyware ( 0037fb2d1 ) 20151025
Kaspersky Backdoor.Win32.NetWiredRC.i 20151025
Malwarebytes Trojan.InfoStealer 20151025
McAfee BackDoor-FCWH!224C73F81721 20151025
McAfee-GW-Edition BehavesLike.Win32.Klez.kh 20151025
eScan Trojan.PWS.Fareit.AJ 20151025
Microsoft Backdoor:Win32/NetWiredRC.B 20151025
NANO-Antivirus Trojan.Win32.NetWiredRC.cqmkgp 20151025
Panda Trj/Genetic.gen 20151025
Rising PE:Backdoor.NetWiredRC!6.16EA[F1] 20151024
SUPERAntiSpyware Trojan.Agent/Gen-Urausy 20151024
Sophos Troj/Zbot-HPK 20151025
TheHacker Trojan/Spy.Agent.nyu 20151025
TrendMicro TSPY_NETWIREDRC_DD300524.UVPA 20151025
TrendMicro-HouseCall TSPY_NETWIREDRC_DD300524.UVPA 20151025
VBA32 Backdoor.NetWiredRC 20151023
VIPRE Trojan.Win32.Nyu.rc (v) 20151025
Zillya Backdoor.NetWiredRC.Win32.1 20151025
nProtect Backdoor/W32.NetWiredRC.70656 20151023
AegisLab (no detection) 20151025
Yandex (no detection) 20151025
Alibaba (no detection) 20151023
CMC (no detection) 20151021
ClamAV (no detection) 20151025
Symantec (no detection) 20151025
Tencent (no detection) 20151025
TotalDefense (no detection) 20151025
ViRobot (no detection) 20151025
Zoner (no detection) 20151025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-30 18:56:45
Entry Point 0x00001FEC
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegSetValueExA
CryptGetHashParam
RegQueryValueExA
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
RegEnumKeyExA
CryptDestroyHash
CryptCreateHash
CryptUnprotectData
DeleteDC
SelectObject
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
CreateToolhelp32Snapshot
PeekNamedPipe
GetLastError
HeapFree
EnterCriticalSection
ReadFile
Process32First
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
HeapAlloc
ExitProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
CreatePipe
GetStartupInfoA
GetCurrentProcessId
OpenProcess
CreateDirectoryA
DeleteFileA
ReleaseMutex
SetErrorMode
Process32Next
GetCommandLineA
GetProcAddress
GetSystemInfo
GetProcessHeap
CreateMutexA
SetFilePointer
FindFirstFileA
WriteFile
CloseHandle
GetComputerNameA
FindNextFileA
FreeLibrary
LocalFree
MoveFileA
TerminateProcess
ResumeThread
CreateProcessA
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
Sleep
GetTickCount
GetFileAttributesExA
CreateFileA
GetProcessTimes
LeaveCriticalSection
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
GetMessageA
MapVirtualKeyA
GetForegroundWindow
EnumWindows
keybd_event
PostQuitMessage
DefWindowProcA
ShowWindow
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
GetKeyNameTextA
mouse_event
IsWindowVisible
SendMessageA
ToAscii
SetCursorPos
CreateWindowExA
GetKeyboardState
GetDesktopWindow
GetWindowTextA
GetKeyState
waveInOpen
waveInPrepareHeader
waveInGetDevCapsA
waveInAddBuffer
waveInClose
waveInUnprepareHeader
waveInStop
waveInStart
waveInGetNumDevs
__WSAFDIsSet
gethostname
socket
setsockopt
recv
send
WSACleanup
WSAStartup
gethostbyname
select
ioctlsocket
WSAGetLastError
shutdown
ntohs
htons
closesocket
WSAIoctl
connect
getenv
_vsnprintf
time
fwrite
_vscprintf
fgetpos
fclose
malloc
free
fsetpos
fread
_filelengthi64
_beginthreadex
sprintf
realloc
fgets
fflush
fopen
strlen
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:08:30 19:56:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 59392
LinkerVersion 2.23
EntryPoint 0x1fec
InitializedDataSize 10240
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 15360
File identification
MD5 224c73f8172123e5ddca2302425664a6
SHA1 58c077bc129a792b09d01e7f2afe079c628254a8
SHA256 098c5a6d4c9e0926c054fc7ca79f67e6de7bf8f41245ed1063fea48575bb377d
ssdeep 1536:hdY9t6c6HnAUDy34Srzyfzt3ycjPsfxjy+AX8dj+D9ewuP:hdYn6rHAd4Svyrt3vLsf1y+AX8dj+pc

authentihash 3c237f255ffc5ebd57eeb0a24dbf1d0d51930c276becab8634bcdc3813ebff6f
imphash e29873856a8ad0c0abe94c91ed5d9b8d
File size 69.0 KB ( 70656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2013-11-28 18:29:23 UTC ( 2 years, 5 months ago )
Last submission 2013-11-28 18:29:23 UTC ( 2 years, 5 months ago )
File names DECRYPTED
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Set keys
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications